Unable to initialize security subsystem (554)

0 votes
asked Sep 28, 2011 by JochenA (160 points)
edited Sep 30, 2011

Hi,

i have the problem that i had to roll out my software :-) On the test machine with a different SMTP server everything worked as it should. No I have rolled out my application and change the SMTP server to the one from the customer. The result:

"Unable to initialize security subsystem (554)"

MailSecurity has been set to Secure (an for testing to Unsecure). Here is the code I use:

Smtp client = new Smtp();

TlsParameters par = new TlsParameters();
par.CommonName = AppGeneral.strMailServer;  // contains the IP of the mail server (and yes, it is pingable)
par.CertificateVerifier = CertificateVerifier.AcceptAll;
par.AllowedSuites = TlsCipherSuite.All;

client.Connect(AppGeneral.strMailServer, AppGeneral.intMailServerPort, par, AppGeneral.secMailServer);
client.Login(AppGeneral.strMailServerUser, AppGeneral.strMailServerPwd);

MailMessage msg = new MailMessage();
msg.To.Add(strTo);
msg.Sender = AppGeneral.strMailServerSender;    // contains both the sender mail address
msg.From = AppGeneral.strMailServerSender;      // contains both the sender mail address

msg.Subject = dr.Field<string>("subject");
msg.BodyHtml = dr.Field<string>("message");

client.Send(msg);

// CleanUp

Please help.

Best regards Jochen Auinger

Applies to: Rebex Secure Mail

2 Answers

0 votes
answered Sep 29, 2011 by Lukas Pokorny (126,910 points)
edited Sep 29, 2011

This looks like you are trying to connect using TLS/SSL to a server that claims TLS/SSL support, but when a secure channel is actually requested, it reports an error instead of proceeding with TLS/SSL negotiation. This is usually caused by a server misconfiguration or bug - for example, Microsoft Exchange suffers from it - see KB 237327 for details and a solution. An alternative solution is to stop using TLS/SSL security with this server.

A communication log produced using Smtp object's LogWriter property can be used to determine more information about the server.

0 votes
answered Sep 29, 2011 by JochenA (160 points)
edited Sep 30, 2011

Thanks for the quick response. Here is what the LogWriter created:

2011-09-29 17:24:57.375 Opening log file.
2011-09-29 17:24:57.375 INFO Smtp(1) Info: Connecting to xxx.xxx.xxx.xxx:25 using Smtp 1.0.4086.0.
2011-09-29 17:24:57.422 DEBUG Smtp(1) Info: Connection succeeded.
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 220 xxxx.xxxxxx.LOCAL Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Thu, 29 Sep 2011 17:24:57 +0200 
2011-09-29 17:24:57.422 INFO Smtp(1) Command: EHLO user
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-xxxx.xxxxxx.LOCAL Hello [xxx.xxx.xxx.xxx]
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-TURN
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-SIZE
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-ETRN
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-PIPELINING
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-DSN
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-ENHANCEDSTATUSCODES
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-8bitmime
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-BINARYMIME
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-CHUNKING
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-VRFY
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-X-EXPS GSSAPI NTLM LOGIN
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-X-EXPS=LOGIN
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-AUTH GSSAPI NTLM LOGIN
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-AUTH=LOGIN
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-X-LINK2STATE
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250-XEXCH50
2011-09-29 17:24:57.422 INFO Smtp(1) Response: 250 OK
2011-09-29 17:24:57.437 INFO Smtp(1) Command: STARTTLS
2011-09-29 17:24:57.437 INFO Smtp(1) Response: 554 5.7.3 Unable to initialize security subsystem
2011-09-29 17:24:57.531 ERROR Smtp(1) Info: Rebex.Net.SmtpException: Unable to initialize security subsystem (554).
   bei Rebex.Net.Smtp.cgrDQE(Int32 , Boolean )
   bei Rebex.Net.Smtp.BLyBkd(TlsParameters )
   bei Rebex.Net.Smtp.Connect(String serverName, Int32 serverPort, TlsParameters parameters, SmtpSecurity security)

Thanks for your help.

Best regards Jochen Auinger

commented Sep 30, 2011 by Lukas Pokorny (126,910 points)
edited Sep 30, 2011

Thanks for the log! It looks like Rebex Mail is to blame here, because it has attempted TLS/SSL negotiation although the server did not actually advertise support for it. However, the proper behavior in this case would be to throw an SmtpException that says something like "TLS/SSL not supported by this server", which would not be much different from the current behavior from the application's point of view.

So there are two possible solutions: a) Don't use TLS/SSL (use SmtpSecurity.Unsecure when calling the Connect method) or b) Configure the server to support TLS/SSL

commented Sep 30, 2011 by JochenA (160 points)
edited Sep 30, 2011

Thanks for the help. I have configured the application not to use TLS/SSL and now it works like a charm. Thanks for your support.

Best regards Jochen Auinger

...